Content management system and information recording medium

ABSTRACT

The present invention is directed to a content management system in which content data recorded on a memory card ( 1 ) is used by a content use terminal ( 2 ). The memory card ( 1 ) has recorded, in a protected area of which reading from outside is restricted, protected information including use restriction information indicative of conditions for using encrypted content data, and key information. The content use terminal ( 2 ) performs mutual authentication with the memory card ( 1 ). Furthermore, the content user terminal ( 2 ) reads the protected information from the protected area only when mutual authentication succeeds. Then, based on the use restriction information included in the read protected information, it is decided whether or not the content data recorded on the memory card ( 1 ) is usable. Also, the management server ( 3 ) transmits use restriction update information to the content use terminal ( 2 ) so as to update the use restriction information.

TECHNICAL FIELD

[0001] The present invention relates to content management systems andinformation recording media and, more particularly, to a contentmanagement system in which a content recorded on a portable-typerecording medium is used at a content use terminal, and an informationrecording medium used therein.

BACKGROUND ART

[0002] In recent years, various types of schemes for supplying userswith contents, such as programs and image data have been thought. In oneexemplary type of scheme, a content recorded on a portable-typerecording medium is distributed in advance to a user. In such type ofscheme, when the user uses the content, his or her terminal transmits arequest for using the content to a management server, and then receivesa use permission from the management server, thereby enabling the use ofthe content. With the above system, a service model can be constructedas such that the server can perform processes, such as billing, inaccordance with the request for using the content. Such a service modelis a very useful in view of content providers.

[0003] One example of conventional art for achieving the above-describedcontent providing system is an invention disclosed in Japanese PatentLaid-Open Publication No. 9-34841. FIG. 17 is a block diagramillustrating the configuration of a conventional content providingsystem. In FIG. 17, the content providing system includes a CD-ROM 91, auser PC 92 (terminal), a CD-ROM key-open center 93 (server), and acommunications network 94. The CD-ROM 91 stores an encrypted content,and is distributed in advance to a user. To use the content, the userinserts the distributed CD-ROM 91 in the user PC 92 so as to transmit arequest from the user PC 92 for purchasing the content stored in theCD-ROM 91. Upon receipt of the request via the communications network94, the CD-ROM key-open center 93 transmits a key corresponding to thecontent requested to be purchased to the user PC 92. At this time, theCD-ROM key-open center 93 performs a billing process, etc., upontransmission of the key. Upon receipt of the key from the CD-ROMkey-open center 93, the user PC 92 uses the key to decode the content inthe CD-ROM 91 for use. With the above, the content in the CD-ROM can beprovided offline.

[0004] As described above, in the content providing system wherepermission is required from the server in order to use apreviously-distributed content, a use restriction is required so as notto allow free use of the distributed content. Conventionally, asdescribed above, the use restriction is removed by receiving theencryption key itself for restricting the use of the content.

[0005] However, in the invention described in the above gazette, the useof the key transmitted from the CD-ROM key-open center 93 makes itpossible to install a software program on a hard disk of the user PC 92.Therefore, once receiving the key, the user PC 92 can freely use thecontent thereafter. That is, once after receiving the key, the user canfreely use the content as many number of times and hours as the userlikes. As such, in such a conventional content managing scheme ofrestricting the use of a content only by a key transmitted from theserver, the content provider cannot place restriction in detail inaccordance with the amount of use or the use period of the content. Forexample, the content provider cannot perform billing in accordance withthe state of use of the content, that is, the number of uses, the usetime, etc., or cannot place restriction on a use period of the contentto perform billing at renewal.

[0006] Therefore, an object of the present invention is to provide acontent management system in which a content provider side can place userestriction in more detail regarding the use of a content.

DISCLOSURE OF THE INVENTION

[0007] To achieve the above object, the present invention has featuresas described below.

[0008] A first aspect of the present invention is directed to a contentmanagement system in which content data recorded on a portable-typerecording medium is used by a content use terminal, including:

[0009] the content use terminal;

[0010] a recording medium removably inserted to the content useterminal; and

[0011] a management server communicable with the content use terminal,

[0012] the recording medium including:

[0013] a content data recording section which records encrypted contentdata;

[0014] a medium-side authenticating section which performsauthentication with the content use terminal; and

[0015] a protected area which records therein protected information ofwhich reading from outside is restricted, the protected informationincluding use restriction information indicative of conditions for usingthe encrypted content data and key information for decoding theencrypted content data, and

[0016] the content use terminal including:

[0017] a terminal-side authenticating section which performs mutualauthentication with the recording medium in cooperation with themedium-side authenticating section;

[0018] a protected information reading section which reads the protectedinformation from the protected area of the recording medium only upon asuccess of the mutual authentication performed by the terminal-sideauthenticating section with the recording medium;

[0019] a use deciding section which decides, based on the userestriction information included in the protected information read bythe protected information reading section, whether or not the contentdata recorded on the recording medium is usable;

[0020] a content decoding section which decodes, upon a decision made bythe use deciding section that the content data recorded on the recordingmedium is usable, the content data encrypted and recorded on therecording medium by using the key information included in the protectedinformation read by the protected information reading section; and

[0021] a content executing section which executes the content datadecoded by the content decoding section, wherein

[0022] the management server transmits, to the content use terminal, userestriction update information for updating the use restrictioninformation,

[0023] the terminal-side authenticating section performs mutualauthentication with the recording medium upon a receipt of the userestriction update information from the management server, and

[0024] the content use terminal further includes an updating sectionwhich updates, in accordance with the use restriction informationtransmitted from the management server, the use restriction informationrecorded in the protected area of the recording medium only upon successof the mutual authentication performed by the terminal-sideauthenticating section with the recording medium.

[0025] According to the above first aspect, the content data is executedupon a decision made based on the use restriction information that thecontent data is usable. As such, in the present aspect, the use of thecontent is restricted by the use restriction information. Also, sincethe use restriction information is recorded on the protected area, thedetails cannot be changed in an unauthorized manner. Therefore, by thecontent provider freely setting the use restriction information beforedistributing the recording medium, the use restriction of the contentcan be set in detail. Furthermore, according to the present aspect, withtransmission of the use restriction update information from themanagement server, the use restriction information recorded on therecording medium is updated. Since the details of the use restrictionupdate information is set by the management server side, the userestriction information can be freely changed by the management serverside by using the use restriction information. Therefore, the managementserver side, that is, the content manager (provider) can set the userestriction of the content by the use restriction information in moredetail.

[0026] According to a second aspect based on the first aspect,

[0027] the content use terminal further includes a use requestingsection which transmits, to the management server, upon a decision bythe use deciding section that the content data recorded on the recordingmedium is not usable, use request information indicative of a requestfor using the content data decided as not being usable,

[0028] upon a receipt of the use request information from the userequesting section of the content use terminal, the management servertransmits, to the content use terminal, use restriction updateinformation regarding the content data requested by the transmitted userequest information, and

[0029] upon an update performed by the updating section of the userestriction information recorded on the protected area, the contentdecoding section decodes the content data regarding the updated userestriction information.

[0030] According to the above second aspect, upon a determination madebased on the use restriction information that the content is not usable,the use restriction update information is transmitted from themanagement server to the content use terminal. Therefore, even with adetermination that the content is not usable, the use restrictioninformation is changed in accordance with the use request, and thereforethe content data can be executed.

[0031] According to a third aspect based on the second aspect, theprotected information further includes a content identifier foridentifying the content data recorded on the recording medium,

[0032] the use requesting section transmits, to the management server,as a use request, use request information including the contentidentifier indicative of the content data requested by the use request,and

[0033] the management server transmits, to the content use terminal, theuse restriction update information regarding the content data indicatedby the content identifier transmitted from the use requesting section ofthe content use terminal.

[0034] According to the above third aspect, the content data indicatedby the use request is specified by the content identifier. Also, sincethe content identifier is recorded on the recording medium, the contentuse terminal does not have to hold, in advance, information forspecifying the content data indicated by the use request. Therefore,according to the present aspect, the content use terminal can easilyspecify the content data indicated by the use request.

[0035] According to a fourth aspect based on the first aspect, the userestriction update information is information indicative of conditionsfor using the content data, and the updating section updates the userestriction information recorded on the protected area of the recordingmedium so that conditions indicated by the use restriction informationare identical to the conditions indicated by the use restriction updateinformation transmitted from the management server.

[0036] According to the above fourth aspect, the use restriction

[0037] update information has the same details as those of the userestriction information. Therefore, when the use restriction informationrecorded on the recording medium is updated by the use restrictionupdate information, the use restriction update information held at themanagement server side indicates the same details as those indicated bythe use restriction information held in the recording medium. With theabove, according to the present aspect, it is possible at the managementserver side to grasp the details of the use restriction informationrecorded on the recording medium without generating a specific databasethat represents use history.

[0038] According to a fifth aspect based on the first aspect,

[0039] the use restriction update information is information indicativeof an amount of change in the use restriction information recorded onthe recording medium between before and after the update, and

[0040] based on the amount of change indicated by the use restrictionupdate information transmitted from the management server, the updatingsection updates the use restriction information recorded on theprotected area of the recording medium.

[0041] According to the above fifth aspect, irrespectively of thedetails of the use restriction information recorded on the recordingmedium, the amount of use of the content can be equally changed for thecontent use terminals which transmit the use restriction updateinformation. Therefore, by transmitting the same use restriction updateinformation from the management server to a plurality of content useterminals, the content provider can provide the same service to users ofthe content use terminals.

[0042] According to a sixth aspect based on the first aspect,

[0043] the content use terminal further includes:

[0044] a use restriction update information storage section which storesthe use restriction update information transmitted from the managementserver; and

[0045] a use restriction information deciding section which makes adecision about whether or not the protected information recorded on therecording medium includes use restriction information corresponding tothe use restriction update information stored in the use restrictionupdate information storage section, the decision being made only upon asuccess of the mutual authentication performed by the terminal-sideauthenticating section with the recording medium,

[0046] upon new insertion of a recording medium, the terminal-sideauthenticating section performs mutual authentication with thenewly-inserted recording medium, and

[0047] upon a decision made by the use restriction information decidingsection that the use restriction information corresponding to the userestriction update information stored in the use restriction updateinformation storage section is included, the updating section updatesthe use restriction information recorded on the recording medium inaccordance with the use restriction update information stored in the userestriction update information storage section.

[0048] According to the above sixth aspect, the content use terminaldecides whether or not to update the use restriction informationwhenever a recording medium is inserted. Here, when the managementserver transmits the use restriction update information, the recordingmedium has not necessarily been inserted in the content use terminal.According to the present aspect, however, even when the use restrictioninformation cannot be updated because no recording medium is inserted atthe time of reception of the use restriction update information, the userestriction information can be updated if a recording medium is insertedthereafter. Therefore, it is ensured that the use restrictioninformation can be updated by using the use restriction updateinformation transmitted from the management server.

[0049] According to a seventh aspect based on the sixth aspect,

[0050] the content use terminal further includes a discarding sectionwhich discards, upon an update by the updating section of the userestriction information, the use restriction update informationcorresponding to the updated use restriction information from the userestriction update information storage section.

[0051] According to the above seventh aspect, the use restriction updateinformation is discarded from the use restriction update informationstorage section. Therefore, it is possible to prevent the userestriction information from being updated by the same use restrictionupdate information and to prevent a meaningless updating process.

[0052] According to an eighth aspect based on the seventh aspect,

[0053] the management server transmits, to the content use terminal, theuse restriction update information together with updatable periodinformation indicative of a period during which the use restrictioninformation can be updated by the use restriction update information,

[0054] the use restriction update information storage section furtherstores the updatable period information transmitted from the managementserver,

[0055] the content use terminal further includes an update decidingsection which makes a decision based on the updatable period informationstored in the use restriction update information storage section aboutwhether or not the use restriction update information recorded on therecording medium is to be updated, upon a decision made by the userestriction information deciding section that the use restrictioninformation corresponding to the use restriction update informationstored in the use restriction update information storage section isincluded,

[0056] the updating section updates the use restriction information onlyupon a decision made by the updating decision section that the userestriction information is to be updated, and

[0057] upon a decision made by the update deciding section that the userestriction information is not to be updated, the discarding sectiondiscards the use restriction update information and the updatable periodinformation corresponding to the use restriction information decided asbeing not to be updated from the use restriction update informationstorage section.

[0058] According to the above eighth aspect, the use restriction updateinformation updates the use restriction information recorded on therecording medium only within the period indicated by the updatableperiod information. Also, if an updating process is not performed withinthe updatable period, the use restriction update information whoseupdatable period has passed is discarded from the use restriction updateinformation. Therefore, according to the present aspect, it is possibleto prevent a wasteful process of deciding whether or not to update bythe use restriction update information that is not necessary because noupdating process is performed.

[0059] According to a ninth aspect based on the first aspect,

[0060] the content use terminal further includes a retrieval requestingsection which transmits retrieval request information indicative of aretrieval request for requesting a retrieval of the content data to themanagement server; and

[0061] a recording section which records in the recording medium, onlyupon a success of the mutual authentication performed by theterminal-side authenticating section with the recording medium,information transmitted from the management server in response to theretrieval request information transmitted from the retrieval request,

[0062] the management server transmits, to the content use terminal, theencrypted content data indicated by the retrieval request informationtransmitted from the retrieval requesting section of the content useterminal, the use restriction information regarding the content data,and the key information for decoding the content data, and

[0063] the recording section records at least the use restrictioninformation and the key information of the information transmitted fromthe management server in the protected area.

[0064] According to the above ninth aspect, the content use terminal canretrieve the content from the management server by a retrieval request.Furthermore, the use restriction information and the key information ofthe retrieved content are recorded in the protected area of therecording medium. Therefore, unauthorized use can be prevented.

[0065] According to a tenth aspect based on the ninth aspect,

[0066] the protected area has further recorded therein a contentidentifier for identifying a content recorded on the recording medium,

[0067] the retrieval requesting section transmits information includingthe content identifier recorded on the recording medium as the retrievalrequest information at the time of retrieving the content data relatedto the content data recorded on the recording medium, and

[0068] the management server transmits, to the content use terminal, theencrypted content data which corresponds to content data indicated by acontent identifier transmitted from the retrieval requesting section,the use restriction information regarding the content data, and the keyinformation for decoding the content data.

[0069] According to the tenth aspect, the content use terminal can newlyretrieve content data related to the content data recorded on therecording medium. With this, the user can easily retrieve a contentother than the content that has already been owned. Therefore, the usercan have more opportunities to retrieve a new content. For the contentprovider side, this leads to the promotion of the use of contents.

[0070] According to an eleventh aspect based on the tenth aspect,

[0071] in addition to the content identifier, the retrieval requestingsection transmits, to the management server, the use restrictioninformation corresponding to the content data indicated by the contentidentifier, and

[0072] the management server changes details of the use restrictioninformation to be transmitted to the content use terminal in accordancewith details of the use restriction information transmitted from theretrieval requesting section.

[0073] According to the above eleventh aspect, the use restrictioninformation regarding the newly-retrieved content is changed inaccordance with the details of the use restriction informationtransmitted as the retrieval request. That is, in a case where there area plurality of content use terminals, the management server can changethe details of the use restriction information for each content useterminal transmitting a retrieval request. Therefore, it is possible toplace use restriction in detail for each content use terminal.

[0074] According to a twelfth aspect based on the first aspect,

[0075] the use restriction information includes at least one ofnumber-of-uses limit information indicative of the number of times thecontent data recorded on the recording medium can be used, time limitinformation indicative of a time during which the content data recordedon the recording medium can be used, and date/time limit informationindicative of a date/time by which the content data recorded on therecording medium can be used.

[0076] According to the twelfth aspect, the content provider can set theuse restriction information so that the use of the content data isrestricted by any one of the number of uses, the use time, and the usedate/time.

[0077] A thirteenth aspect is directed to a portable-type informationrecording medium removably attached to a content use terminal usingcontent data, including:

[0078] a content data recording section which records encrypted contentdata;

[0079] a medium-side authenticating section which performsauthentication with the content use terminal as a part of a mutualauthentication process performed with the content use terminal; and

[0080] a protected area which records protected information including acontent identifier for identifying the content data, use restrictioninformation indicative of conditions for using the encrypted contentdata, and key information for decoding the encrypted content data, theprotected information of which reading from outside being restricted,wherein

[0081] the protected area can be read by the content use terminal onlyupon a success of the mutual authentication process performed with thecontent use terminal.

[0082] According to a fourteenth aspect based on the thirteenth aspect,

[0083] the use restriction information includes at least one ofnumber-of-uses limit information indicative of the number of times thecontent data can be used, time limit information indicative of a timeduring which the content data can be used, and a date/time limitinformation indicative of date/time by which the content data can beused.

BRIEF DESCRIPTION OF THE DRAWINGS

[0084]FIG. 1 is a block diagram illustrating the configuration of acontent management system according to a first embodiment of the presentinvention.

[0085]FIG. 2 is an illustration showing the structure of files and theirdirectory recorded on a memory card illustrated in FIG. 1.

[0086]FIG. 3 is a block diagram illustrating the hardware structure of acontent use terminal 2 illustrated in FIG. 1.

[0087]FIG. 4 is a block diagram illustrating a functional structure ofthe content use terminal 2 illustrated in FIG. 1.

[0088]FIG. 5 is a flowchart showing a flow of a process performed by thecontent use terminal 2 in a first operation example.

[0089]FIG. 6 is a flowchart showing the details of step S105 illustratedin FIG. 5.

[0090]FIG. 7 is a block diagram illustrating a functional structure of amanagement server 3 illustrated in FIG. 5.

[0091]FIG. 8 is an illustration showing a use restriction update tableheld in the management server 3 according to the first embodiment.

[0092]FIG. 9 is a flowchart showing a flow of a process performed by themanagement server 3 in the first operation example.

[0093]FIG. 10 is an illustration showing a flow of one example of a userestriction update table in another embodiment.

[0094]FIG. 11 is a flowchart showing a flow of a process performed bythe management server 3 in a second operation example.

[0095]FIG. 12 is an illustration showing one example of a transmissiondestination table held in the management server 3 in the secondoperation example.

[0096]FIG. 13 is a flowchart showing a flow of a process performed bythe content use terminal 2 in the second operation example.

[0097]FIG. 14 is a flowchart showing a flow of a process performed bythe content use terminal 2 in a third operation example.

[0098]FIG. 15 is a flowchart showing a flow of a process performed bythe management server 3 in the third operation example.

[0099]FIG. 16 is an illustration of one example of a related contenttable held in the management server 3 in the third operation example.

[0100]FIG. 17 is an illustration conceptually showing the configurationof a content management system according to a second embodiment.

[0101]FIG. 18 is a block diagram illustrating the configuration of aconventional content providing system.

BEST MODE FOR CARRYING OUT THE INVENTION

[0102]FIG. 1 is a block diagram illustrating the configuration of acontent management system according to a first embodiment of the presentinvention. In FIG. 1, the content management system includes a memorycard 1, a content use terminal 2, and a management server 3.Communication between the content use terminal 2 and the managementserver 3 is performed via a network not shown. The memory card 1 is aportable-type recording medium. Also, the memory card 1 is removablyinserted in the content use terminal 2. Content data is recorded on thememory card 1.

[0103] To use the content data, the content use terminal 2 accesses thememory card 1. To access a protected area 13 of the memory card 1,mutual authentication is performed between the memory card 1 and thecontent use terminal 2. If the protected area 13 of the memory card 1 isaccessible, the content use terminal 2 determines, based on userestriction information recorded on the protected area 13 of the memorycard 1, whether the content data is usable or not. Here, the userestriction information is information indicative of conditions for useof the content data. The content use terminal 2 executes the contentdata only upon a determination that the content data is usable. In thepresent embodiment, the use of the content data is restricted by the userestriction information recorded on the memory card 1 in theabove-described manner.

[0104] Upon a determination that the content data is not usable, thecontent use terminal 2 transmits a content identifier to a contentserver. Here, the content identifier is information for identifying thecontent data, the information being unique to the content data. Themanagement server 3 transmits the use restriction information regardingthe content data indicated by the received content identifier to thecontent use terminal 2. The details of the use restriction informationrecorded on the memory card 1 are updated to the details of the userestriction information transmitted from the management server 3. Withthis, the content use terminal 2 can use the content data.

[0105] Next, the memory card 1 is described in detail. As illustrated inFIG. 1, the memory card 1 includes a medium-side authenticating section11, a public area 12, and the protected area 13. The medium-sideauthenticating section 11 performs an authenticating process at thememory card 1 side of mutual authentication between the memory card 1and the content use terminal 2. The authenticating process performed bythe medium-side authenticating section 11 forms part of the mutualauthenticating process performed by the memory card 1 and the contentuse terminal 2. Note that, in the present embodiment, the medium-sideauthenticating section 11 is achieved by a CPU included in the memorycard 1 executing a predetermined authenticating process program. Theprotected area 13 is an area which is accessible only after successfulmutual authentication between the memory card 1 and the content useterminal 2. Furthermore, the public area 12 is an area accessiblewithout such mutual authentication.

[0106]FIG. 2 is an illustration showing the structure of files and theirdirectory recorded on the memory card 1 illustrated in FIG. 1. Thememory card 1 is distributed to each user after having informationillustrated in FIG. 2 recorded in advance. Note that the informationrecorded on the memory card 1 illustrated in FIG. 2 can be obtainedthrough, for example, wired or wireless data communications with apredetermined server (the management server 3 or another dedicatedserver), or can be obtained in a form of broadcasting. Furthermore, theinformation can be obtained through reading from another informationrecording medium.

[0107]FIG. 2(a) is an illustration showing the structure of files andtheir directory recorded on the public area l2. Also, FIG. 2(b) is anillustration showing the structure of files and their directory recordedon the protected area 13. The public area 12 has recorded thereinencrypted content data and management information for managing theencrypted content data. Specifically, the public area 12 has contentfiles 122 and a manager file 121 recorded in a specific directory(denoted as “DATA” illustrated in FIG. 2(a)). Note that the contentfiles 122 are files having stored therein encrypted content data. Also,the files illustrated in FIG. 2(a) have file names of “0001.htm”,“00002.jpg”, and “00003.wav”. The manager file l2 l is a file havingstored therein management information for managing the content files122. Also, in FIG. 2(b), the protected area 13 has recorded therein aprotected information file 131 in a specific directory (denoted as“GUARDED” in FIG. 2(b)). The protected information file 131 includes atleast the above-described content identifier and use restrictioninformation. Here, the above-stated two directories correspond to eachother. That is, the protected information regarding the content files122 placed in the directory of the public area 13 are recorded on theprotected information file 131 located in the directory of the protectedarea 13.

[0108] The content files 122 each have a file name of “five-digitnumber+extension”. The manager file l2 l is composed of managementinformation and a header for managing the same. The number of pieces ofmanagement information corresponds to the number of pieces of contentdata. Furthermore, the pieces of management information respectivelycorrespond to the pieces of content data. That is, an n-th piece ofmanagement information corresponds to the content file 122 having thefile name of “n+extension”. For example, the first piece of managementinformation corresponds to a content file 122 having a file name of“00001.htm”. Here, the management information includes encryptioninformation. The encryption information is information indicative ofwhether the corresponding content file 122 has been encrypted or not.Therefore, the content use terminal 2 can determine, based on thedetails of the encryption information, whether the content data has beenencrypted or not.

[0109] The protected information file 131 is composed of protectedinformation and a header for managing the same. As with the abovemanagement information, the number of pieces of protected informationcorresponds to the number of pieces of content data. Also, the pieces ofprotected information respectively correspond to the pieces of contentdata. That is, an n-th piece of protected information corresponds to acontent file 122 having a file name of “n+extension”. For example, thefirst piece of protected information corresponds to the content file 122having the file name of “00001.htm”. The protected information includesthe above-stated content identifier, key information, and userestriction information. The key information is information indicativeof an encryption key for decoding the encrypted content data. Therefore,the terminal (including a terminal not having a function of mutualauthentication) cannot use the content data by merely accessing thepublic area, until the terminal also accesses to the protected area toobtain the key information.

[0110] Also, the use restriction information indicates informationregarding restriction on the use of the corresponding content data. Inthe present embodiment, the use restriction information includesnumber-of-uses information, use time information, and use date/timeinformation. The number-of-uses information is information indicative ofthe number of times the content data can be used. In the presentembodiment, the number-of-uses information includes informationindicative of a predetermined number of times the content data can beused and information indicative of a total number of times the contentdata has been used. For example, the number-of-uses information includesinformation indicating that the number of times predetermined as a limiton the number of uses is five and that the total number of times thecontent data has been used so far is three. With this, it can be knownthat the remaining number of times the content data can be used is two.The use time information is information indicative of a time periodduring which the content data can be used. In the present embodiment,the use time information includes information indicative of apredetermined time period during which the content data can be used anda total time period during which the content data has been used so far.For example, the use time information has recorded therein informationindicating that the time period predetermined as a use time limit istwelve hours and that the total use time so far is five hours. The usedate/time information is information indicative of date(s) and time(s)during (by) which the content data can be used. The use date/timeinformation has recorded therein, for example, information indicatingthat a time period during which the corresponding content data can beused is from the first day of August, 2001 through the thirty-first dayof December, 2001.

[0111] Next, the content use terminal 2 is described in detail. FIG. 3is a block diagram illustrating the hardware structure of the contentuse terminal 2 illustrated in FIG. 1. The content use terminal 2 has afunction of reading a content and a function of listening a sample ofthe content and replaying the content. Note that the content useterminal 2 is implemented as a personal computer for executing a programachieving these functions. In FIG. 3, the content use terminal 2includes a central processing unit (hereinafter referred to as “CPU”)201, an input unit 202, a display unit 203, a main memory 204, aread-only memory (hereinafter referred to as “ROM”) 205, acommunications interface 206, and a memory card interface 207. The CPU201 executes a program stored in the ROM 205 by using the main memory204, Data transmission/reception between the content use terminal 2 andthe server via the external network (not shown) is performed via thecommunications interface 206. Reading and writing of the memory card 1is performed via the memory card interface 207. Also, the content useterminal 2 in the present embodiment can have a structure having afunction of recording a content as well as the above-mentionedfunctions. In this case, it is possible for the content use terminal 2to retrieve content data via the communications interface 206 fromoutside (for example, the management server 3) and then record theretrieved data on the memory card 1.

[0112]FIG. 4 is a block diagram illustrating a functional structure ofthe content use terminal 2 illustrated in FIG. 1. In FIG. 4, the contentuse terminal 2 includes a terminal-side authenticating section 21, acontent use processing section 22, an input section 23, and a displaysection 24. The input section 23 and the display section 24 areimplemented by the input unit 202 and the display unit 203,respectively, illustrated in FIG. 3. In the present embodiment, theterminal-side authenticating section 21 and the content use processingsection 22 are achieved by the CPU 201 executing a predetermined programstored in the ROM 205.

[0113] A first operation example performed in the content managementsystem according to the present embodiment is described below. In thefirst operation example below, the operation performed when the contentuse terminal 2 uses the content data recorded on the memory card 1 isdescribed. FIG. 5 is a flowchart showing a flow of a process performedby the content use terminal 2 in the first operation example. To use thecontent data recorded on the memory card 1 inserted in the content useterminal 2, the content use terminal 2 first specifies a piece ofcontent data for use (step S101). That is, the input section 23 acceptsan instruction from the user for specifying a piece of content data foruse. The input section 23 is supplied with the instruction from the userfor specifying the piece of content data for use from out of pieces ofcontent data recorded on the memory card 1. That is, the user specifiesa desired piece of content data for use by using the input unit 202.With this, based on the instruction from the input unit 23, the contentuse terminal 2 can specify the piece of content data for use.

[0114] Next, in order to determine whether the specified piece ofcontent data is usable or not, the content use terminal 2 has to readthe use restriction information from the memory card 1. The userestriction information, however, is recorded on the protected area 13of the memory card 1. Therefore, the content use terminal 2 performsmutual authentication with the memory card 1 (step S102) Here, mutualauthentication is performed by the medium-side authenticating section 11and the terminal-side authenticating section 21 cooperating with eachother as follows. That is, the content use terminal 2 passes apreviously-set device key of its own to the medium-side authenticatingsection 11 of the memory card 1. The memory card 1, on the other hand,passes a previously set memory card key of its own to the terminal-sideauthenticating section 21 of the content use terminal 2. Based on therespectively received keys, the medium-side authenticating section 11 ofthe memory card 1 and the terminal-side authenticating section 12 of thecontent use terminal 2 authenticate with each other. The authenticationresults of the medium-side authenticating section 11 is reported to thecontent use terminal 2. Based on the authentication results of themedium-side authenticating section 11 and the terminal-sideauthenticating section 21, the content use terminal 2 determines whethermutual authentication has succeeded. That is, if the authenticatingprocesses performed by the medium-side authenticating section 11 and theterminal-side authenticating section 21 have succeeded, the content useterminal 2 determines that mutual authentication has succeeded.Conversely, if either or both of the authenticating processes performedby the medium-side authenticating section 11 and the terminal-sideauthenticating section 21 have failed, the content use terminal 2determines that mutual authentication has failed. For example, mutualauthentication fails if the terminal does not have a function of readingthe protected area or if the terminal is set by the memory card side soas to be prohibited to read the protected area. Note that themedium-side authenticating section 11 and the terminal-sideauthenticating section 21 can be achieved by the CPU for executing apredetermined authentication program for the mutual authenticationprocess, or can be achieved by a chip dedicated to the mutualauthentication process.

[0115] Next, the content use terminal 2 determines whether mutualauthentication in step S102 has succeeded or not (step S103). Withmutual authentication being successfully completed, the content useterminal 2 can access the protected area 13 of the memory card 1.Therefore, if mutual authentication has failed, the content use terminal2 ends the process without performing a content using process in stepS103 and thereafter. On the other hand, if mutual authentication hassucceeded, the content use terminal 2 performs the content using processin step S104 and thereafter. The content using process is describedbelow.

[0116] The content using process is performed by the content useprocessing section 22 of the content use terminal 2. Here, asillustrated in FIG. 4, the content use processing section 22 includes ause deciding section 221, a content decoding section 222, a contentexecuting section 223, a current date/time obtaining section 224, and ause restriction information updating section 225. Note that the contentuse processing section 22 is achieved by the CPU 201 executing a contentuse processing program for performing the content use processing. Also,each component included in the content use processing section 22represents a subroutine in the content use processing program.

[0117] In the content use process, the content use processing section 22first reads the protected information regarding the content dataspecified in step S101 recorded on the protected area 13 (step S104).The content use processing section 22 then performs a use decisionprocess (step S105). Here, the use decision process is performed by theuse deciding section 221. That is, the use deciding section 221 obtainsthe protected information corresponding to the specified content datafrom the memory card 1. Based on the use restriction information (thenumber-of-uses information, the use time information, and the usedate/time information) included in the obtained protected information,the use deciding section 221 decides whether the content data is usableor not. The use decision process is described below in detail.

[0118]FIG. 6 is a flowchart showing the details of step S105 shown inFIG. 5. First, the use deciding section 221 decides whether or not thenumber of uses is limited, that is, whether the obtained use restrictioninformation has set therein number-of-uses information or not (stepS1051). If it is decided in step S1051 that the number-of-usesinformation has not been set, the use deciding section 221 performs aprocess of step S1053. If it is decided in step S1051 that thenumber-of-uses information has been set, on the other hand, the usedeciding section 221 decides based on the number-of-uses informationwhether or not the total number of uses so far is smaller than thepredetermined limit on the number of uses (step S1052). If it is decidedin step S1052 that the total number of uses so far is smaller than thepredetermined limit on the number of uses, the use deciding section 221performs a process of step S1053. On the other hand, if it is decided instep S1052 that the total number of uses so far is equal to or largerthan the predetermined limit on the number of uses, the use decidingsection 221 decides that the content data is not usable, and then endsthe use decision process.

[0119] In step S1053, the use deciding section 221 decides whether ornot the use time is limited, that is, whether or not the obtained userestriction information has set therein use time information. If it isdecided in step S1053 that the use time information has not been set,the use deciding section 221 performs a process of step S1055. If it isdecided in step S1053 that the use time information has been set, on theother hand, the use deciding section 221 decides based on thenumber-of-uses information whether the total use time so far is smallerthan the predetermined use time limit (step S1054). If it is decided instep S1054 that the total use time so far is less than the use timelimit, the use deciding section 221 performs the process of step S1055.If it is decided in step S1054 that the total use time so far is equalto or larger than the use time limit, the use deciding section 221decides that the content data is not usable (step S1059), and then endsthe use decision process.

[0120] In step S1055, the use deciding section 221 decides whether ornot the use time/date is limited, that is, whether or not the obtaineduse restriction information has set therein the use date/timeinformation. If it is decided in step S1055 that the use date/timeinformation has not been set, the use deciding section 221 performs aprocess of step S1058. On the other hand, if it is decided in step S1055that the use date/time information has been set, the use decidingsection 221 receives an input of the current date/time from the currentdate/time obtaining section 224 (step S1056). Here, the currentdate/time obtaining section 224 obtains the current date/time by, forexample, using a clock internally provided to the content use terminal 2or accessing, via a network, an external server announcing the currentdate/time. After step S1056, based on the current date/time and the usedate/time information obtained in step S1056, the use deciding section221 decides whether or not the current date/time is within a range ofthe use date/time limit (step S1057). If it is decided in step S1057that the current date/time is within the range of the use date/timelimit, the use deciding section 221 decides that the content data isusable (step S1058), and then ends the use decision process. If it isdecided in step S1057 that the current date/time is not within the rangeof the use date/time limit, on the other hand, the use deciding section221 decides that the content data is not usable (step S1059), and thenends the use decision process. With the above use decision process, theuse deciding section 221 can decide whether or not the content data isusable.

[0121] Returning to the descriptions of FIG. 5, the content useprocessing section 22 then decides whether or not the decision result instep S105 is “usable” (step S106). If it is decided instep 106 that thedecision result of the use deciding section 221 shows that the contentdata is usable, the content use processing section 22 reads the contentfile 122 from the memory card 1 to decode the content data (step S107).The content data decoding process is performed by the content decodingsection 222. That is, the content decoding section 222 uses the keyinformation obtained in step S104 to decode the encrypted content datarecorded on the memory card 1. Note that the decision result obtainedthrough the use decision process is reported from the use decidingsection 221 to the content decoding section 222.

[0122] Next, the content executing section 223 executes the content datasupplied by the content decoding section 222 (step S108). The contentexecuting section 223 performs a replay/execution according to the typeof the content file 122. Also, the content executing section 223displays the content data by using the display section 24 as required.Furthermore, the content executing section 223 accesses the userestriction information of the memory card 1 to update the userestriction information. Specifically, the content executing section 223updates the total number of uses of the use time information and thetotal use time of the number-of-uses information included in the userestriction information. For example, the content executing section 223performs a process, such as a process of incrementing the total numberof uses by one or a process of adding the present use time to the totaluse time.

[0123] On the other hand, if it is decided in step S106 that thedecision result of the use deciding section 221 shows that the contentdata is not usable, the content use processing section 22 decideswhether or not to update the use restriction information (step S109).That is, the content use processing section 22 inquires of the userabout whether or not to update the use restriction information.Specifically, the display section 24 is caused to display a messageindicating that the content data is not usable. Furthermore, the contentuse processing section 22 waits for an instruction input from the userregarding whether the use restriction information is to be updated ornot. In response, the user uses the input unit 202 to make aninstruction about whether or not to update the use restrictioninformation. In the present embodiment, the input unit 23 accepts, asthe instruction from the user, only either one input of “update the userestriction information” and “do not update the use restrictioninformation”. Based on this input, the content use processing section 22decides whether or not to update the use restriction information. Instep S109, if an instruction indicative of not updating the userestriction information is supplied to the input section 23, the contentuse processing section 22 ends the content use process.

[0124] On the other hand, in step S109, if an instruction indicative ofupdating the use restriction information is supplied to the inputsection 23, the content use processing section 22 transmits use requestinformation to the management server 3 as a request for using thecontent data (step S110). The use request information is informationindicative of a request for using the content data. In the presentembodiment, the content use processing section 22 transmits, to themanagement server 3 as the request for using the content data, the userequest information including the content identifier included in theprotected information obtained from the memory card 1. Note that a useridentifier unique to the user is also transmitted together with thecontent identifier. The user identifier indicates information foridentifying the user. The user identifier may be set to the user by thecontent provider. Also, when the content identifier is transmitted viaemail, a mail address can be used as the user identifier. Upon receiptof the content identifier, the management server 3 transmits userestriction update information corresponding to the content identifierto the content use terminal 2. Here, the use restriction updateinformation is information for updating the use restriction informationrecorded on the memory card 1. A process performed by the managementserver 3 is described below in detail.

[0125]FIG. 7 is a block diagram illustrating a functional structure ofthe management server 3 illustrated in FIG. 1. In FIG. 7, the managementserver 3 includes an information processing section 31, a content datastorage section 32, and a management table storage section 33. Theinformation processing section 31 is achieved by the CPU included in themanagement server 3 executing a program for performing a predeterminedprocess shown by a flowchart, which will be described further below. Thecontent data storage section 32 stores pieces of content data to be usedby the content use terminal 2. Also, the content data storage section 32stores the pieces of the content data together with their contentidentifiers in a relational manner. Note that, in a first operationexample, the management server 3 may have a structure without thecontent data storage section 32. The management table storage section 33stores various tables, which will be described further below. Note thatthe management server 3 is implemented as a personal computer thatexecutes the above-mentioned functions through program processing.

[0126]FIG. 8 is an illustration showing a use restriction update tablestored in the management table storage section of the management server3 according to the first embodiment. As illustrated in FIG. 8, the userestriction update table stores the content identifiers and the userestriction update information in a relational manner. Here, the userestriction update table is generated for each user. That is, themanagement server 3 holds the use restriction update tables as many asthe number of registered users.

[0127]FIG. 9 is a flowchart showing a flow of a process performed by themanagement server 3 in the first operation example. First, themanagement server 3 receives use request information from the contentuse terminal 2 (step S201) to specify the user who made the request forupdating the use restriction information (step S202). Specifically,based on the user identifier transmitted together with the contentidentifier, the management server 3 specifies the use restriction updatetable to be referred to from out of the use restriction update tablesheld in the management server 3. The management server 3 then determineswhich use restriction update information is to be transmitted (stepS203) Specifically, by referring to the use restriction update tablespecified in step S202, the management server 3 specifies the userestriction update information corresponding to the content identifierreceived from the content use terminal 2. Furthermore, the managementserver 3 transmits the specified use restriction update information tothe content use terminal 2 (step S204). Taking FIG. 8 as an example fordescription, in a case where a content identifier of“ABC_MAGAZINE_(—)0101011” has been transmitted from the content useterminal 2, the management terminal transmits use restriction updateinformation of “the number of times: add three”. Note that the userestriction update information of “the number of times: add three”indicates that a limit on the number of uses that is included in thenumber-of-uses information recorded on the memory card is added withthree for update. Also, in FIG. 8, the use restriction updateinformation of “time: add three hours, date/time: extend for one month”indicates that the use time limit included in the use time informationrecorded on the memory card 1 is added with three hours for update, andthat the use date/time limit included in the use date/time informationrecorded on the memory card 1 is extended for one month for update. Assuch, the use restriction update information can update a plurality ofconditions regarding the use restriction.

[0128] Note that, as in the present embodiment, when the use restrictionupdate information is information indicative of the amount of change ofthe use restriction information recorded on the memory card 1 after theupdate by the use restriction update information, the use restrictionupdate table does not have to be generated for each user. Furthermore,when the use restriction update table is not generated for each user,the use request information transmitted from the content use terminaldoes not include any use identifier.

[0129]FIG. 10 is an illustration showing one example of the userestriction update table in another embodiment. In the other embodiment,as illustrated in FIG. 10, the use restriction update information can beinformation indicative of the limit on the number of uses, the use timelimit, or the use date/time limit included in the use restrictioninformation. In this case, the information indicative of the above limiton the number of uses or the like included in the use restrictioninformation recorded on the memory card 1 is updated so as to have thesame details as those of the use restriction update information. Forexample, when the use restriction information includes thenumber-of-uses information, the limit on the number of uses included inthe number-of-uses information is updated so as to have the same limiton the number of uses as those indicated by the use restriction updateinformation.

[0130] Also, after transmitting the use restriction update information,the management server 3 has to update the use restriction updateinformation stored in the use restriction update table. This is toprevent a situation in which, when the same user transmits a request forupdating the same content data several times, the use restriction updateinformation previously transmitted has the same details as those of theuse restriction update information to be transmitted next. Note that, asin FIG. 10, when the use restriction update information is informationindicative of conditions for using the content data, the use restrictionupdate information held in the management server 3 side varies for eachuser. Therefore, the use restriction update information has to begenerated for each user.

[0131] Returning to the descriptions of FIG. 5, upon transmission of theuse restriction update information from the management server 3 to thecontent use terminal 2, the content use processing section 22 causes theuse restriction information updating section 225 to update the userestriction information recorded on the memory card 1 (step S11). Thatis, according to the details of the use restriction update informationtransmitted from the management server 3, the use restrictioninformation updating section 225 updates the details of the userestriction information stored in the protected area 13 of the memorycard 1. For example, the use restriction update information indicates“time: add three hours, time/date: extend for one month”, the userestriction information updating section 225 updates the use restrictioninformation based on the amount of change indicated by the userestriction update information. That is, the use restriction informationupdating section 225 accesses the protected area 13 of the memory card 1to update limit on the number of uses included in the number-of-usesinformation recorded on the memory card 1 to a value obtained by addingthree to the limit on the number of uses. Also, the use date/timeinformation recorded on the memory card 1 is updated so that thedate/time (period) indicated by the use date/time information isextended for one month.

[0132] After the updating process performed by the use restrictioninformation updating section 225, the content use processing section 22performs the process of step S105. That is, the content use processingsection 22 causes the use deciding section 22 to again perform theabove-described use decision process. In this case, the use restrictioninformation recorded on the memory card 1 has been updated, and it istherefore decided that the content data is usable. Accordingly, thecontent use terminal 2 can execute the content data. This is the end ofthe descriptions of the process at the content use terminal in the firstoperation example.

[0133] Note that, in the above, the key information can be encrypted andrecorded on the protected area 13, and then decoded by a memory-cardencryption key generated by mutual authentication performed between thememory card land the content use terminal 2. In this case, ifunauthorized access is made to the protected area without performingmutual authorization, the above memory-card encryption key is notgenerated, and therefore the key information cannot be decoded.Accordingly, the content data cannot be decoded, thereby preventingunauthorized use of the content data. Also, in the above embodiment,assuming that that all pieces of the content data recorded on the memorycard have been encrypted and provided with restriction on the use, thecontent data is specified in step S101 and then mutual authentication isalways performed. In another embodiment, however, the pieces of contentdata may include a piece that has not been encrypted. In this case, thecontent use terminal 2 has to determine after step S101 whether or notthe specified content data has been encrypted. Note that such adetermination can be made by referring to the management informationrecorded on the public area 12. Note that, when the correspondingcontent data has not been encrypted, the key information preferably hasset therein random numbers so as not be noticed as not having beenencrypted (if these numbers are all 0, for example, it is obvious at afirst glance that the content data has not been encrypted).

[0134] A second operation example according to the present embodiment isdescribed next. In the second operation example described below, the userestriction update information is transmitted in arbitrary timing fromthe management server 3 and, based on the transmitted use restrictionupdate information, the content use terminal 2 updates the userestriction information recorded on the memory card 1. For example, inorder to promote the use of specific content data, the management server3 transmits the use restriction update information of that content data.

[0135]FIG. 11 is a flowchart showing a flow of a process performed bythe management server 3 in the second operation example. First, themanagement server 3 specifies a user to which the use restriction updateinformation is to be transmitted (step S301). The user as a transmissiondestination can be manually determined by the content provider whomanages the management server 3, or can be automatically determined sothat transmission is made to only a user who satisfies a certaincondition. Alternatively, all user who have been registered on atransmission destination table, which will be described further below,can be determined as transmission destinations. The management server 3then determines a content use terminal as being a transmissiondestination of the use restriction update information (step S302). Here,the content use terminal as being a transmission destination of the userestriction update information is determined as follows. That is, themanagement server 3 holds the transmission destination terminal tablethat relates the above-described user identifiers to the terminalidentifiers which are indicative of information for identifying therespective content use terminals and are unique to the respectivecontent use terminals. By referring to the transmission destinationterminal table, the management server 2 can determine, from the user towhich the use restriction update information is to be transmitted, acontent use terminal for transmission. The management server 3 transmitsthe use restriction update information to the content use terminaldetermined in the above-described manner (step S303).

[0136]FIG. 12 is an illustration showing one example of the transmissiondestination terminal table stored in the management table storagesection of the management server 3 in the second operation example. Thetransmission destination terminal table relates the users registered inthe present content management system to the content use terminals foruse by the users. As illustrated in FIG. 11, the transmissiondestination terminal table relationally stores a user identifiers andthe terminal identifiers. In FIG. 11, a user identifier of “userA” isrelated to a terminal identifier of “terminalA” and a terminalidentifier of “terminalB”. This means that the user having the useridentifier of “userA” can use two content use terminals having theterminal identifiers of “terminalA” and “terminalB”. Here, asillustrated in FIG. 11, when the use restriction update information istransmitted to a user having a single user identifier related to aplurality of terminal identifiers, the management server 3 takes allrelated terminals as transmission destination terminals. For example,when the use restriction update information is transmitted to the userof “userA”, the management server 3 transmits the use restriction updateinformation to the two content use terminals of “terminalA” and“terminalB”.

[0137] Also, in the present embodiment, the management server 3transmits the use restriction update information together with updatableperiod information regarding the use restriction update information. Theupdatable period information is information indicative of a periodduring which the use restriction information can be updated by the userestriction update information. Examples of the updatable periodinformation can be thought, such as information indicating that updatingcan be made within one month from transmission, or informationindicating that updating can be made within the year 2002.

[0138] The use restriction update information, the content identifier,and the updatable period information transmitted from the managementserver 3 are received by each content use terminal. In response, eachcontent use terminal performs a process of updating the use restrictioninformation. The process of updating the use restriction informationperformed by each content use terminal is described below by taking thecontent use terminal 2 as an example.

[0139]FIG. 13 is a flowchart showing a flow of a process performed bythe content use terminal 2 in the second operation example. First, thecontent use terminal 2 receives the use restriction update information,the content identifier, and the updatable period information transmittedfrom the management server 3 (step S401). The content use terminal 2then stores the use restriction update information, the contentidentifier, and the updatable period information transmitted from themanagement server 3 in an incorporated storage unit, for example, themain memory 204 illustrated in FIG. 3 (step S402). Here, the informationstored in the storage unit is preferably not writable for protectionagainst tampering. The content use terminal 2 then decides whether ornot a memory card has been inserted (step S403). In step S403, if amemory card has not been inserted, the content use terminal 2 waitsuntil a memory card has been inserted (step S404). While waiting in stepS404, the content use terminal 2 performs other processes including aprocess not related to the present invention and, upon insertion of amemory card, performs a process of step S405. If a memory card has beeninserted in step S403, on the other hand, the content use terminal 2performs the process of step S405.

[0140] In step S405, the content use terminal 2 performs mutualauthentication with the memory card inserted therein. Note that,although not shown, if mutual authentication fails, the content useterminal 2 does not perform a process of step S406 and thereafter.Subsequently to step S405, the content use terminal 2 decides whether ornot the inserted memory card has the use restriction informationcorresponding to the information transmitted from the management server3 (step S406). Specifically, the content use terminal 2 decides whetheror not the memory card has recorded therein a content identifieridentical to the content identifier transmitted from the managementserver 3. If there is no corresponding use restriction information instep S406, the content use terminal 2 waits until a memory card is newlyinserted (step S407). While waiting in step S406, the content useterminal 2 performs other processes including a process not related tothe present invention and, upon new insertion of a memory card, performsthe process of step S405.

[0141] On the other hand, if there is the corresponding use restrictioninformation in step S406, the content use terminal 2 decides whether ornot the use restriction update information is within a valid period(step S408). Specifically, based on the updatable period informationstored in step S402, the content use terminal 2 decides whether or notthe use restriction information can be updated by the use restrictionupdate information transmitted together with the updateable periodinformation from the management server 3. More specifically, whether ornot the use restriction update information is within the valid period isdecided by deciding whether or not the period indicated by the updatableperiod information stored in step S402 has passed. If it is decided instep S408 that the use restriction update information is within thevalid period, the content use terminal 2 updates the use restrictioninformation recorded on the memory card (step S409). Specifically, inaccordance with the use restriction update information transmitted fromthe management server 3, the content use terminal 2 updates the userestriction information, which is recorded on the memory card and iswith regard to the content data specified by the content identifiertransmitted from the management server 3. With the above, the managementserver 3 can cause the content use terminal 2 to update the userestriction information recorded on the memory card. Subsequent to stepS409, the content use terminal 2 performs a process of step S410. If itis decided in step S408 that the use restriction update information isnot within the valid period, on the other hand, the content use terminal2 discards the use restriction update information, which has beendecided as being out of the valid period, from the storage unit storingthe same (step S410). Also, the content use terminal 2 discards theupdatable period information corresponding to the use restrictioninformation. This is the end of the descriptions of the process in thecontent management system in the second operation example.

[0142] A third operation example according to the present embodiment isdescribed next. The third operation example described below is anoperation in a case where the user requests for content data related tothe content data recorded on the memory card 1 (the former content datais hereinafter referred to as related content data). Specifically, aretrieval request is made for retrieving the related content data fromthe content use terminal 2 to the management server 3. Furthermore, inresponse to the retrieval request, the management server 3 transmits therelated content data and the use restriction information to the contentuse terminal 2. According to the above, in a case where the content islike a monthly magazine, for example, if the user has the current-monthissue of the content data, the user can easily purchase a next-monthissue of the content even not through distribution by a recordingmedium. Note that, in the third operation example, the content useterminal 2 has to have a function of recording content data or the likeon the memory card 1.

[0143]FIG. 14 is a flowchart showing a flow of a process performed bythe content use terminal 2 in the third operation example. Furthermore,FIG. 15 is a flowchart showing a flow of a process performed by themanagement server 3 in the third operation example. With reference toFIGS. 14 and 15, the third operation example is described below. First,the content use terminal 2 transmits retrieval request informationregarding the content data to the management server 3 (step S501). Theretrieval request information is information indicative of a request forretrieving the content data. In the present embodiment, the retrievalrequest information includes a content identifier recorded on the memorycard 1. That is, in step S501, the content use terminal 2 reads thecontent identifier recorded on the memory card 1 for transmission as theretrieval request information to the management server 3. Here, it isassumed that, prior to making the retrieval request, mutualauthentication has been performed between the content use terminal 2 andthe memory card 1. Note that the retrieval request information caninclude use restriction information corresponding to the contentidentifier as required.

[0144] Here, with reference to FIG. 15, the process performed by themanagement server 3 is described. The management server 3 receives theretrieval request information (step S601) to decide whether or not theretrieval request is valid or not (step S602) Decision in step S602 ismade by referring to a related content table. FIG. 16 is an illustrationshowing one example of the related content table held in the managementserver 3 in the third operation example.

[0145] As illustrated in FIG. 16, the related content table relatescontent identifiers, related content identifiers, use restrictioninformation, key information, and bonus process information to eachother. The related content identifier is a content identifier of thecontent data related to the content data indicated by the receivedcontent identifier. Here, the received content identifier is the contentidentifier transmitted from the content use terminal 2. Also, thecontent data indicated by a received content identifier is referred toas received content data. The use restriction information is the oneregarding the content data indicated by the corresponding contentidentifier. The key information is the one for decoding the content dataindicated by the corresponding content identifier. The bonus processinformation is information which is referred to in a bonus process,which will be described below. It is assumed that no bonus processinformation is set if there is no related content identifier.

[0146] Returning to the descriptions of step S602, after receiving thereceived content identifier, the management server 3 transmits thecontent data indicated by the corresponding related content identifierto the content use terminal 2. Descriptions are now made by taking FIG.16 as an example. When receiving a content identifier of“ABC_MAGAZINE_(—)010101”, the management server 3 transmits content dataindicated by a content identifier of “ABC_MAGAZINE_(—)010102” to thecontent use terminal 2. Note that a correspondence between the receivedcontent identifier and the related content identifier does not have tobe as such that a single received content identifier corresponds to asingle related content identifier. For example, a plurality of receivedcontent identifiers, such as“ABC_MAGAZINE_(—)010101-ABC_MAGAZINE_(—)010110” (indicating ten contentidentifiers whose last digits are from 010101 through 010110 insequence), may correspond to a single related identifier, or vice versa.

[0147] Specific examples regarding the correspondence between thereceived content identifier(s) and the related content identifier(s)include a case where a sequel content is retrieved and a case where aspecial edition of the content is retrieved. The sequel content is sucha content as a next-month issue of the content in contrast to thecurrent-month issue of the content. In this case, the related contenttable contains the current-month issue of the content and the next-monthissue of the content as being related to each other. Also, the specialedition of the content is such as one of a series of contents. In oneexample, a book content has ten volumes of contents, and once thecontent identifiers corresponding to those contents are all transmittedto the management server 3, a special edition of the book content can beretrieved. In this case, the related content table contains ten volumesof the series of contents and the special edition of the content asbeing related to each other. As such, from the content data recorded onthe memory card, the related content data can be retrieved. With this,it is possible to promote retrieval of a new content and, in turn, topromote the use of contents.

[0148] A decision in step S602 is made by deciding, regarding thecontent identifier received from the content use terminal 2, whether ornot the related content table contains the corresponding receivedcontent identifier. That is, if the related content table stores therelated content identifier corresponding to the content identifierreceived from the content use terminal 2, the management server 3determines that the retrieval request is valid. Furthermore, in thiscase, the management server 3 performs a process of step S603. On theother hand, if the related content table does not store the relatedcontent identifier corresponding to the content identifier received fromthe content use terminal 2 (for example, if “MUSIC_POPS_TQ251POLK” istransmitted in FIG. 16), the management server 3 determines that theretrieval request is invalid. In this case, the management server 3transmits, to the content use terminal 2, a message indicating that thetransmitted retrieval request is invalid (step S606), and then ends theprocess.

[0149] In step S603, the management server 3 specifies the relatedcontent data to be transmitted. Specifically, the management server 3refers to the above related content table to specify the related contentidentifier corresponding to the received content identifier. Themanagement server 3 then performs a bonus providing process (step S604).The bonus providing process is performed in accordance with the detailsof the use restriction information transmitted from the content useterminal 2. Therefore, the bonus providing process is performed when theuse restriction information is received from the content use terminal 2.That process is not performed when the retrieval request informationfrom the content use terminal 2 does not include the use restrictioninformation. In the present embodiment, as the bonus providing process,the management server 3 changes the details of the use restrictioninformation regarding the related content data to be transmitted. Thischange is made in accordance with the details of the use restrictioninformation transmitted from the content use terminal 2. Specifically,based on the correspondence indicated by the related content table, themanagement server 3 determines the details of the bonus process.

[0150] A specific example of the bonus providing process in the presentembodiment is as follows. For example, in accordance with the limit onthe number of uses that is indicated by the use restriction informationregarding the received content data (content data indicated by thereceived content identifier), the limit on the number of uses indicatedby the use restriction information regarding the related content data ischanged. More specifically, if the limit on the number of uses that isindicated by the use restriction information regarding the receivedcontent data is any one of one through five, the limit on the number ofuses that is indicated by the use restriction information regarding therelated content data is made as five. Also, if the limit on the numberof uses that is indicated by the use restriction information regardingthe received content data is any one of six through ten, the limit onthe number of uses that is indicated by the use restriction informationregarding the related content data is made as three. As such, in aspecific example of the bonus providing process, when the limit on thenumber of uses that is indicated by the use restriction informationregarding the received content data (the remaining number of times thereceived content data can be used) is small, the limit on the number ofuses that is indicated by the use restriction information regarding therelated content data is set relatively larger. This is because, if thenumber of uses that is indicated by the use restriction informationregarding the received content data is small, it can be assumed that thecontent data has been used a large number of times, and therefore, therelated content is also presumed to be used a large number of times.Note that, if the number-of-uses information has recorded therein thetotal number of uses so far, the limit on the number of uses that isindicated by the use restriction information regarding the relatedcontent data can be changed in accordance with the total number of uses.

[0151] Another specific example of the bonus providing process in thepresent embodiment can be thought in which, in exchange for a decreasein the limit on the number of uses that is included in the userestriction information of the received content data, the limit on thenumber of uses that is included in the use restriction information ofthe related content data is increased. More specifically, the predefinednumber of uses indicated by the use restriction information regardingthe related content data is increased by one for every three of thelimit on the number of uses that is indicated by the use restrictioninformation regarding the received content data (refer to FIG. 16). Inthis case, the management server 3 transmits the use restrictioninformation regarding the related content data together with the userestriction information regarding the received content data to thecontent use terminal 2. Here, the use restriction information regardingthe received content data is transmitted to the content use terminal 2in a state where the limit on the number of uses that is received fromthe content use terminal 2 is decreased by three. In this way, such aspecific example of the bonus providing process can be thought as thatthe number of uses of the related content data is increased in exchangefor a decrease in the number of uses of the received content data. Withthis, the use can increase the number of uses of the newly-retrievedcontent (the related content), which is more likely to be used, inexchange for a decrease in the number of uses of the old content (thereceived content), which is less likely to be used. Therefore, such abonus providing process can promote the use of the related content.

[0152] Subsequently to the bonus providing process in step S604, themanagement server 3 performs a transmitting process (step S605) That is,the management server 3 transmits, to the content use terminal 2, theencrypted content data specified in step S603, the content identifiercorresponding to the content data (the related content identifier), theuse restriction information corresponding to the content data, and thekey information for decoding the content data. Note that the userestriction information and the key information to be transmitted aredetermined based on the related content table illustrated in FIG. 16.For example, if the content identifier received by the management server3 is “ABC_MAGAZINE_(—)010101”, related content data indicated by“ABC_MAGAZINE_(—)010102” is specified in step S603 as the relatedcontent data. Therefore, in step S605, with reference to a rowcontaining the content identifier of “ABC_MAGAZINE_(—)010102”, thecorresponding content use restriction information and key informationare determined. As required, in response to the bonus providing processin step S604, the management server 3 transmits, to the content useterminal 2, the use restriction information with its details beingchanged from the one received from the content use terminal 2. This isthe end of the process performed by the management server 3 in the thirdoperation example.

[0153] Returning to the descriptions of FIG. 14, the content useterminal 2 receives the content data requested by the retrieval request(the related content data), the content identifier corresponding to thecontent data, the use restriction information, and the key informationfrom the management server 2 (step S502). The content use terminal 2then records the received information on the memory card 1 (step S503).Here, the content use terminal 2 records at least the use restrictioninformation, the content identifier, and the key information on theprotected area. In the present embodiment, the content use terminal 2records the content data on the public area as a content file, whilerecording the use restriction information, the content identifier, andthe key information on the protected area. Note that, when the userestriction information with its details being changed from the onetransmitted from the content use terminal 2 to the management server 3is transmitted from the management server 3 as a result of the bonusproviding process, the content use terminal 2 updates the details of theuse restriction information in the memory card 1. This is the end of thedescriptions of the process in the content management system in thethird operation example.

[0154] Note that, in the present operation example, what is transmittedas a retrieval request is the retrieval request information includingthe content identifier of the content data related to the content datarequested by the retrieval request. In another embodiment, however,retrieval request information including the content identifier of thecontent data requested by the retrieval request itself can betransmitted. In this case, there are two types of retrieval request thatshould be discriminated: one is a retrieval request for retrievingcontent data related to the content data indicated by the contentidentifier to be transmitted, and the other is a retrieval request forretrieving the content data indicated by the content identifier to betransmitted. Therefore, the content use terminal 2 has to transmitinformation for discriminating these two types of retrieval request asbeing included in the retrieval request information. Also, other thanthe above related content table, the management server 3 has to hold atable for relating the content identifiers to the pieces of content dataindicated thereby.

[0155] Note that, in the above first embodiment, the use restrictioninformation recorded on the protected area 13 of the memory card 1includes the number-of-uses information, the use time information, andthe use date/time information. In another embodiment, however, the userestriction information is not restricted to the above. For example, theuse restriction information may represent the amount of uses as beingconverted to points. Also, the use restriction information does not haveto include all of the above three pieces of information, but may includeeither one or two of these. Furthermore, the protected information mayinclude a check value for checking to see if the use restrictioninformation and the content identifier have been tampered. Note that thecheck value may be any as long as it corresponds to the use restrictioninformation and the content identifier, and may be stored in a fileother then the protected information file 131.

[0156] Furthermore, in the first embodiment, the use restrictioninformation (the number-of-uses information, the use time information,the use date/time information) is information composed of valuesindicative of predetermined use restriction conditions and valuesindicative of the total results of use so far. For example, thenumber-of-uses information is composed of the predetermined limit on thenumber of uses and the total number of uses so far. Here, in anotherembodiment, the use restriction information may be informationindicative of only conditions for using the content data. For example,the number-of-uses information may be information indicative of a numberof times the content data can be used. In this case, the number-of-usesinformation indicates that the content data can be used twice more, forexample. Then, when the content data is used, the content use terminalupdates the number-of-uses information recorded on the memory card.Further, the use restriction update information may be in a formatidentical to that of the use restriction information. That is, the userestriction update information may be information indicative ofconditions for using the content data. At this time, the content useterminal 2 updates the use restriction information recorded on theprotected area of the memory card 1 so that the use restrictioninformation has the same condition as those indicated by the userestriction update information transmitted from the management server 3.For example, when the use restriction update information indicates thatthe number of times the content data can be used is ten, the content useterminal receiving the use restriction update information updates theuse restriction information recorded on the protected area of the memorycard 1 so that the content data can be used ten times more. As describedabove, the use restriction information can have the same format as thatof the use restriction update information.

[0157] Still further, in the above first embodiment, the memory card 1has the public area 12 and the protected area 13. In another embodiment,however, the memory card may have only the public area 13. In this case,all files are placed in the protected area 13. Still further, in theabove first embodiment, the memory card 1 is used as the informationrecording medium. Alternatively, another information recording mediumcan be used, such as a disk or a tape.

[0158] Still further, in the above first embodiment, the managementserver 3 can perform a billing process in response to a content data userequest and a content data retrieval request. That is, in response tothe use request or the retrieval request, the management server 3transmits the use restriction update information and the use restrictioninformation to the content use terminal 2, and also may perform billingin accordance with the transmitted use restriction update informationand the use restriction information. More specifically, a billingprocess can be performed in the process of transmitting the userestriction information in step S204 shown in FIG. 9 or in the processof transmitting the content and others in step S605 shown in FIG. 15.For example, upon a determination of the use restriction updateinformation in step S203, a billing process is performed on the userspecified in step S202 in accordance with the details of the userestriction update information determined in step S203. Also, the timingof the billing process is not restricted to the transmitting process,but the billing process may be performed in response to the process ofdetermining the use restriction information in step S203, for example.Still further, as the bonus providing process in the third operationexample, the management server 3 may perform a process so that thebilling amount is changed in accordance with the use restrictioninformation transmitted from the content use terminal 2. For example,the billing amount can be decreased (a discount amount is increased) asthe limit on the number of uses indicated by the use restrictioninformation is decreased.

[0159] Next, as a second embodiment of the present invention, anotherexample of use of the content management system is described. The secondembodiment shows that the content management system according to thepresent invention is used for a door locking system in accommodations,such as hotels. FIG. 17 is an illustration conceptually showing theconfiguration of the content management system according to the secondembodiment. Note that the system of the present embodiment can beachieved by using the components of the content management system in thefirst embodiment. Therefore, the components identical to those in thecontent management system according to the first embodiment are providedwith the same reference numbers. The content management system includesa memory card 1, which is a card key for a door, a content use terminal2, which is a locking device of the door, and a management server 3 formanaging the locking device of the door.

[0160] Upon insertion of the memory card 1 serving as the card key intothe content use terminal 2 serving as the locking device of the door,mutual authentication is performed between the memory card 1 and thecontent use terminal 2. Through such mutual authentication, the contentuse terminal 2 can access the protected area of the memory card 1. Here,the public area of the memory card has recorded therein, as contentdata, a character string for unlocking the door. The doors of the roomsin the accommodations have respectively set therein different characterstrings. That is, the doors of the rooms in the accommodations a resetso as to be unlocked by different character strings. Also, the protectedarea has recorded therein conditions for using the character string.Here, it is assume in the present embodiment that a date/time (period)when the character string can be used is recorded as the use restrictioninformation. More specifically, it is assumed that the use restrictioninformation indicates a period during which the user (guest) can stay.Moreover, the protected area has recorded therein a content identifierfor identifying the content data.

[0161] Subsequently to mutual authentication, the content use terminal 2reads the use restriction information recorded on the protected area.Furthermore, based on the read use restriction information, the contentuse terminal 2 decides whether or not the content data (the characterstring for unlocking the door) can be used. Specifically, the contentuse terminal 2 decides from the use date/time limit and the currentdate/time whether the character string for unlocking the door can beused. In the present embodiment, if the content data is usable, thatmeans that the guest can use the room. On the other hand, if the contentdata is not usable, that means that the guest cannot use the room. Forexample, if a scheduled check-in date has been passed or a check-outtime has been passed, the current time is not within a period of the usedate/time limit, and therefore the guest cannot use the room.

[0162] If it is decided that the content data is usable, the content useterminal 2 uses the character string to unlock the door. If it isdecided that the content data is not usable, on the other hand, thecontent use terminal 2 transmits information about a request for usingthe content data to the management server 2. This use requestinformation includes a content identifier recorded on the protectedarea. In response to the use request from the content use terminal 2,the management server 3 decides whether or not to transmit the userestriction update information. In the present embodiment, such adecision process is to decide whether or not the guest can make anextended stay (extend his or her stay). For example, the managementserver 3 searches a room reservation database for a reservation state ofthe room from which the use request information was transmitted. As aresult of search, if the room from which the use request information wastransmitted has not been reserved, it is decided to transmit the userestriction update information. Conversely, if the room from which theuse request information was transmitted has been reserved, it is decidednot to transmit the use restriction update information. As a result ofdecision, when the use restriction update information is transmitted tothe content use terminal 2, the content use terminal updates the userestriction information of the memory card 1 in accordance with the userestriction update information. Furthermore, the content use terminal 2reads the character string for unlocking the door from the memory card 1to unlock the door by using the character string. In this way, thecontent management system according to the present invention can also beapplied to the door locking system in accommodations.

[0163] As such, according to the present invention, a content managementsystem is provided in which whether or not the content data is usable isdecided based on the use restriction information recorded on a recordingmedium, thereby enabling a content provider side to restrict the use ofcontents in more detail.

[0164] Note that, in the present invention, the content data isencrypted, and the key information for decoding the content data isrecorded on the protected area. Therefore, the content use terminal doesnot have to hold information necessary to use the content (the keyinformation and the use restriction information), and does not have toobtain the key information whenever using the content. Therefore, whenthe content data previously used in another terminal is used, thecontent can be easily used. That is, in a conventional method in whichthe terminal obtains the key information from the management server, theterminal has to newly obtain the key information from the server (evenif the key is held in another terminal to be used by the same user). Onthe other hand, according to the present invention, as long as theconditions in the use restriction information are satisfied, the contentuse terminal does not have to communicate with the management server.Therefore, this can simplify a process when a content recorded on arecording medium is used by a plurality of devices.

INDUSTRIAL APPLICABILITY

[0165] As has been described in the foregoing, the content managementsystem of the present invention can be used in order for a contentprovider side to restrict the use of contents in more detail.

1. (Amended) A content management system in which content data recordedon a portable-type recording medium is used by a content use terminal,comprising: the content use terminal; a recording medium removablyinserted to the content use terminal; and a management servercommunicable with the content use terminal, the recording mediumincluding: a content data recording section which records encryptedcontent data; a medium-side authenticating section which performsauthentication with the content use terminal; and a protected area whichrecords therein protected information of which reading from outside isrestricted, the protected information including use restrictioninformation indicative of conditions for using the encrypted contentdata and key information for decoding the encrypted content data, andthe content use terminal including: a terminal-side authenticatingsection which performs mutual authentication with the recording mediumin cooperation with the medium-side authenticating section; a protectedinformation reading section which reads the protected information fromthe protected area of the recording medium only upon a success of themutual authentication performed by the terminal-side authenticatingsection with the recording medium; a use deciding section which decides,based on the use restriction information included in the protectedinformation read by the protected information reading section, whetheror not the content data recorded on the recording medium is usable; acontent decoding section which decodes, upon a decision made by the usedeciding section that the content data recorded on the recording mediumis usable, the content data encrypted and recorded on the recordingmedium by using the key information included in the protectedinformation read by the protected information reading section; and acontent executing section which executes the content data decoded by thecontent decoding section, wherein the management server transmits, tothe content use terminal, use restriction update information forupdating the use restriction information, the terminal-sideauthenticating section performs mutual authentication with the recordingmedium upon a receipt of the use restriction update information from themanagement server, and the content use terminal further includes: anupdating section which updates, in accordance with the use restrictioninformation transmitted from the management server, the use restrictioninformation recorded in the protected area of the recording medium onlyupon success of the mutual authentication performed by the terminal-sideauthenticating section with the recording medium; a use restrictionupdate information storage section which stores the use restrictionupdate information transmitted from the management server; and a userestriction information deciding section which makes a decision whetheror not the protected information recorded on the recording mediumincludes use restriction information corresponding to the userestriction update information stored in the use restriction updateinformation storage section, the decision being made only upon a successof the mutual authentication performed by the terminal-sideauthenticating section with the recording medium, upon new insertion ofa recording medium, the terminal-side authenticating section performsmutual authentication with the newly-inserted recording medium, and upona decision made by the use restriction information deciding section thatthe use restriction information corresponding to the use restrictionupdate information stored in the use restriction update informationstorage section is included, the updating section updates the userestriction information recorded on the recording medium in accordancewith the use restriction update information stored in the userestriction update information storage section.
 2. The contentmanagement system according to claim 1 wherein the content use terminalfurther includes a use requesting section which transmits, upon adecision by the use deciding section that the content data recorded onthe recording medium is not usable, use request information indicativeof a request for using the content data decided as not being usable,upon a receipt of the use request information from the use requestingsection of the content use terminal, the management server transmits, tothe content use terminal, use restriction update information regardingthe content data requested by the transmitted use request information,and upon an update performed by the updating section of the userestriction information recorded on the protected area, the contentdecoding section decodes the content data regarding the updated userestriction information.
 3. The content management system according toclaim 2, wherein the protected information further includes a contentidentifier for identifying the content data recorded on the recordingmedium, the use requesting section transmits, to the management server,as a use request, use request information including the contentidentifier indicative of the content data requested by the use request,and the management server transmits, to the content use terminal, theuse restriction update information regarding the content data indicatedby the content identifier transmitted from the use requesting section ofthe content use terminal.
 4. The content management system according toclaim 1, wherein the use restriction update information is informationindicative of conditions for using the content data, and the updatingsection updates the use restriction information recorded on theprotected area of the recording medium so that conditions indicated bythe use restriction information are identical to the conditionsindicated by the use restriction update information transmitted from themanagement server.
 5. The content management system according to claim1, wherein the use restriction update information is informationindicative of an amount of change in the use restriction informationrecorded on the recording medium between before and after the update,and based on the amount of change indicated by the use restrictionupdate information transmitted from the management server, the updatingsection updates the use restriction information recorded on theprotected area of the recording medium.
 6. (Deleted)
 7. (Amended) Thecontent management system according to claim 1, wherein the content useterminal further includes a discarding section which discards, upon anupdate by the updating section of the use restriction information, theuse restriction update information corresponding to the updated userestriction information from the use restriction update informationstorage section.
 8. (Amended) The content management system according toclaim 7, wherein the management server transmits, to the content useterminal, the use restriction update information together with updatableperiod information indicative of a period during which the userestriction information can be updated by the use restriction updateinformation, the use restriction update information storage sectionfurther stores the updatable period information transmitted from themanagement server, the content use terminal further includes an updatedeciding section which decides, based on the updatable periodinformation stored in the use restriction update information storagesection, whether or not the use restriction information recorded on therecording medium is to be updated, upon a decision made by the userestriction information deciding section that the use restrictioninformation corresponding to the use restriction update informationstored in the use restriction update information storage section isincluded, the updating section updates the use restriction informationonly upon a decision made by the updating decision section that the userestriction information is to be updated, and upon a decision made bythe update deciding section that the use restriction information is notto be updated, the discarding section discards the use restrictionupdate information and the updatable period information corresponding tothe use restriction information decided as being not to be updated fromthe use restriction update information storage section.
 9. The contentmanagement system according to claim 1, wherein the content use terminalfurther includes a retrieval requesting section which transmitsretrieval request information indicative of a retrieval request forrequesting a retrieval of the content data to the management server; anda recording section which records in the recording medium, only upon asuccess of the mutual authentication performed by the terminal-sideauthenticating section with the recording medium, informationtransmitted from the management server in response to the retrievalrequest information transmitted from the retrieval request, themanagement server transmits, to the content use terminal, the encryptedcontent data indicated by the retrieval request information transmittedfrom the retrieval requesting Section of the content use terminal, theuse restriction information regarding the content data, and the keyinformation for decoding the content data, and the recording sectionrecords at least the use restriction information and the key informationof the information transmitted from the management server in theprotected area.
 10. The content management system according to claim 9,wherein the protected area has further recorded therein a contentidentifier for identifying a content recorded on the recording medium,the retrieval requesting section transmits information including thecontent identifier recorded on the recording medium as the retrievalrequest information at the time of retrieving the content data relatedto the content data recorded on the recording medium, and the managementserver transmits, to the content use terminal, the encrypted contentdata which corresponds to content data indicated by a content identifiertransmitted from the retrieval requesting section., the use restrictioninformation regarding the content data, and the key information fordecoding the content data.
 11. The content management system accordingto claim 10, wherein in addition to the content identifier, theretrieval requesting section transmits, to the management server, theuse restriction information corresponding to the content data indicatedby the content identifier, and the management server changes details ofthe use restriction information to be transmitted to the content useterminal in accordance with details of the use restriction informationtransmitted from the retrieval requesting section.
 12. The contentmanagement system according to claim 1, wherein the use restrictioninformation includes at least one of number of uses limit informationindicative of the number of times the content data recorded on therecording medium can be used, time limit information indicative of atime during which the content data recorded on the recording medium canbe used, and date/time limit information indicative of a date/time bywhich the content data recorded on the recording medium can be used. 13.A portable-type information recording medium removably attached to acontent use terminal using content data, comprising: a content datarecording section which records encrypted content data; a medium-sideauthenticating section which performs authentication with the contentuse terminal as a part of a mutual authentication process performed withthe content use terminal; and a protected area which records protectedinformation including a content identifier for identifying the contentdata, use restriction information indicative of conditions for using theencrypted content data, and key information for decoding the encryptedcontent data, the protected information of which reading from outsidebeing restricted, wherein the protected area can be read by the contentuse terminal only upon a success of the mutual authentication processperformed with the content use terminal.
 14. The information recordingmedium according to claim 13, therein the use restriction informationincludes at least one of number-of-uses limit information indicative ofthe number of times the content data can be used, time limit informationindicative of a time during which the content data can be used, and adate/time limit information indicative of date/time by which the contentdata can be used.